feat: Legacy timestamp grace (#24)

cdmurph32 · web-flow · commit fcf2f0f8c3fc · 2025-10-27T12:59:15.000-04:00
* fix: Change tests to expect validation status

Temporarily point to sha instead of published version of c2pa-rs

* feat: Legacy Timestamp Grace

bump c2pa version for older manifest timestamp fix.
Add CAWG validation to reader.

* feat: add test for cawg decoding

* chore: add changeset
diff --git a/.changeset/four-poems-reply.md b/.changeset/four-poems-reply.md
@@ -0,0 +1,5 @@
+---
+"@contentauth/c2pa-node": patch
+---
+
+CAWG reader validation improvements
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -11,7 +11,7 @@ crate-type = ["cdylib"]
 [dependencies]
 async-trait = "0.1.77"
 ciborium = "0.2.2"
-c2pa = { version = "0.67", default-features = false, features = ["file_io", "pdf", "fetch_remote_manifests", "add_thumbnails", "rust_native_crypto"] }
+c2pa = { version = "0.68", default-features = false, features = ["file_io", "pdf", "fetch_remote_manifests", "add_thumbnails", "rust_native_crypto"] }
 futures = "0.3"
 image = "0.25.6"
 neon = { version = "1.0.0", default-features = false, features = [
@@ -29,7 +29,7 @@ reqwest = { version = "0.12.2", default-features = false, features = [
 ] }
 serde = { version = "1.0.203", features = ["derive"] }
 serde_bytes = "0.11.15"
-serde_json = "1.0.117"
+serde_json = "1.0.145"
 toml = "0.8"
 thiserror = "1.0.61"
 tokio = { version = "1.43.0", features = ["rt-multi-thread"] }
diff --git a/js-src/Builder.spec.ts b/js-src/Builder.spec.ts
@@ -212,7 +212,9 @@ describe("Builder", () => {
       const reader = await Reader.fromAsset(dest);
       const manifestStore = reader.json();
       const activeManifest = reader.getActive();
-      expect(manifestStore.validation_status).toBeUndefined();
+      expect(manifestStore.validation_status![0].code).toBe(
+        "signingCredential.untrusted",
+      );
       expect(manifestStore.active_manifest).not.toBeUndefined();
       expect(activeManifest?.title).toBe("Test_Manifest");
     });
@@ -265,7 +267,9 @@ describe("Builder", () => {
       });
       const manifestStore = reader.json();
       const activeManifest = reader.getActive();
-      expect(manifestStore.validation_status).toBeUndefined();
+      expect(manifestStore.validation_status![0].code).toBe(
+        "signingCredential.untrusted",
+      );
       expect(manifestStore.active_manifest).not.toBeUndefined();
       expect(activeManifest?.title).toBe("Test_Manifest");
     });
@@ -294,7 +298,9 @@ describe("Builder", () => {
       const reader = await Reader.fromAsset(dest);
       const manifestStore = reader.json();
       const activeManifest = reader.getActive();
-      expect(manifestStore.validation_status).toBeUndefined();
+      expect(manifestStore.validation_status![0].code).toBe(
+        "signingCredential.untrusted",
+      );
       expect(manifestStore.active_manifest).not.toBeUndefined();
       expect(activeManifest?.title).toBe("Test_Manifest");
     });
@@ -326,7 +332,9 @@ describe("Builder", () => {
       });
       const manifestStore = reader.json();
       const activeManifest = reader.getActive();
-      expect(manifestStore.validation_status).toBeUndefined();
+      expect(manifestStore.validation_status![0].code).toBe(
+        "signingCredential.untrusted",
+      );
       expect(manifestStore.active_manifest).not.toBeUndefined();
       expect(activeManifest?.title).toBe("Test_Manifest");
     });
@@ -354,7 +362,9 @@ describe("Builder", () => {
       });
       const manifestStore = reader.json();
       const activeManifest = reader.getActive();
-      expect(manifestStore.validation_status).toBeUndefined();
+      expect(manifestStore.validation_status![0].code).toBe(
+        "signingCredential.untrusted",
+      );
       expect(manifestStore.active_manifest).not.toBeUndefined();
       expect(activeManifest?.title).toBe("Test_Manifest");
     });
diff --git a/js-src/Reader.spec.ts b/js-src/Reader.spec.ts
@@ -198,4 +198,50 @@ describe("Reader", () => {
     );
     expect(reader.isEmbedded()).toBeFalsy();
   });
+
+  it("should decode CAWG identity assertion with signature_info", async () => {
+    // This test verifies that postValidateCawg() properly decodes CAWG assertions
+    // and extracts signature_info from the signature data, matching c2pa-js behavior
+    const reader = await Reader.fromAsset({
+      path: "./tests/fixtures/C_with_CAWG_data.jpg",
+    });
+
+    // Call postValidateCawg to decode CAWG assertions
+    await reader.postValidateCawg();
+
+    const activeManifest = reader.getActive();
+
+    // Find the cawg.identity assertion
+    const cawgIdentityAssertion = activeManifest?.assertions?.find(
+      (assertion: any) => assertion.label === "cawg.identity",
+    ) as any;
+
+    expect(cawgIdentityAssertion).toBeDefined();
+    expect(cawgIdentityAssertion?.data).toBeDefined();
+    expect(cawgIdentityAssertion?.data.signature_info).toBeDefined();
+
+    // Verify signature_info structure matches c2pa-js behavior
+    const signatureInfo = cawgIdentityAssertion?.data.signature_info;
+    const signerPayload = cawgIdentityAssertion?.data.signer_payload;
+
+    // Verify signature_info values
+    expect(signatureInfo.alg).toBe("Ed25519");
+    expect(signatureInfo.issuer).toBe("C2PA Test Signing Cert");
+    expect(signatureInfo.cert_serial_number).toBe(
+      "638838410810235485828984295321338730070538954823",
+    );
+    expect(signatureInfo.revocation_status).toBe(true);
+
+    // Verify signer_payload values
+    expect(signerPayload.sig_type).toBe("cawg.x509.cose");
+    expect(signerPayload.referenced_assertions).toHaveLength(2);
+    expect(signerPayload.referenced_assertions[0]).toEqual({
+      url: "self#jumbf=c2pa.assertions/cawg.training-mining",
+      hash: "rBBgURB+/0Bc2Uk3+blNpYTGQTxOwzXQ2xhjA3gsqI4=",
+    });
+    expect(signerPayload.referenced_assertions[1]).toEqual({
+      url: "self#jumbf=c2pa.assertions/c2pa.hash.data",
+      hash: "sASozh9KFSkW+cyMI0Pw5KYoD2qn7MkUEq9jUUhe/sM=",
+    });
+  });
 });
diff --git a/js-src/Settings.spec.ts b/js-src/Settings.spec.ts
@@ -128,7 +128,7 @@ describe("Settings", () => {
 
       // Verify settings are still intact
       const currentSettings = JSON.parse(getSettingsJson());
-      expect(currentSettings.core.hash_alg).toBe("sha256");
+      expect(currentSettings.core.merkle_tree_max_proofs).toBe(5);
       expect(currentSettings.verify.verify_trust).toBe(true);
       expect(currentSettings.trust.verify_trust_list).toBe(true);
     });
diff --git a/js-src/Signer.spec.ts b/js-src/Signer.spec.ts
@@ -176,7 +176,10 @@ describe("CallbackSigner", () => {
     const activeManifest = reader.getActive();
 
     // If validation_status is undefined, the signature is valid
-    expect(manifestStore.validation_status).toBeUndefined();
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    expect(manifestStore.validation_status![0].code).toBe(
+      "signingCredential.untrusted",
+    );
     expect(manifestStore.active_manifest).not.toBeUndefined();
     expect(activeManifest?.title).toBe("Test_Manifest_Buffer");
   });
diff --git a/tests/fixtures/C_with_CAWG_data.jpg b/tests/fixtures/C_with_CAWG_data.jpg

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@contentauth/c2pa-node": patch
 +---
++
 +CAWG reader validation improvements